Pwdlastset attribute not updating
We have written a simple Perl script which binds to an AD domain controller and allows AD users to reset their password across multiple systems through one simple interface (Unix, LDAP etc.). The script modifies the unicodePwd attribute in Active Directory and we've successfully tested that indeed the user account password does change.

CommitChanges() This will change the user's password.... Basically it can't log into AD to change the password because of the expiration. But I want to use this to verify the user's old password for security.

Rolling out new Password Policies can require planning. Well, you can imagine some users would have a password older than 90 days when the new policy takes effect. What I want to do is use a script and set users' passwords to expire within 10 days or so, so I want to be able to change the "Pwd Last Set" value such that it will expire within 10 days. Many thanks.

Hello there, I need to get the "Pwd Last Set" of a user object to know when he last set his password. DirectoryEntry to bind to the user object, but it either gives "Argument 'Prompt' cannot be converted to type 'String'." or when I use .tostring it returns "system._comobject". I even tried to use this line but it also failed dater. I use the code below: Dim entry As New DirectoryServices. Path = "LDAP://cn=sameh ahmed,ou=infrastracture,ou=masreya,dc=masreya,dc=local" MsgBox(entry.

It checks to see if the user's AD account password has expired. I have seen plenty of code to set the Pwd Last Set to zero to force the account to expire.
In discussing some planning with someone recently we began talking about an issue where users are forced to immediately change their password. The scenario is simply a user who is affected by a policy stating their passwords expire in 180 days, or maybe never.
If it wouldn't be too much to ask, can you get a Repadmin output as above on a user account before and then directly after you run your script against it?
I'd like to compare the two so I can see what happens with your script.
PS C:\> Get-ADUser -Identity "Kevin" -Properties pwdlastset

The above simply grabs the user object from AD and explicitly asks for the pwdlastset attribute. There are lots of resources out there that show different ways to manipulate 'datetime' data.
And there is of course the PowerShell help content that can provide lots of tips and tricks.

So, they simply come to work, no warning, no announcement, no notice, and try to log in, and their computer tells them their password is expired, change it now.